The ethereum virtual machine (EVM) now has what appears to be its first ever decompiler designed to revert smart contracts into source code.
Announced onstage today by the founder of cybersecurity startup Comae Technologies at the DefCon hacker conference in Las Vegas, the open-source EVM decompiler was designed to make it easier to identify bugs in ethereum smart contracts.
Coming at a time when a string of ethereum hacks have exposed the difficulty of writing secure smart contract code, the decompiler, called Porosity, promises to let developers revert difficult to understand EVM bytecode back to its original state.
Porosity developer and Comae founder, Matt Suiche, told CoinDesk:
Also announced today, Porosity is now integrated with JP Morgan's open-source Quorum blockchain created for enterprise-grade solutions, and it will now be available on the bank's Github page.
Tested with the help of some of JP Morgan's own engineers, Porosity and Quorum are expected to be packaged together to help run real-time smart contract security checks. The bundle, integrated directly into the Go-language ethereum implementation geth "out of the box," incorporates security and patching processes for private networks with formal governance models.
JP Morgan blockchain lead Amber Baldet described to CoinDesk what she believes is the significance of the technology, stating:
A time of need
While Suiche said he's new to blockchain, the serial entrepreneur who sold his previous startup to VMware was rather well prepared to build the decompiler.
As a reverse engineer, Suiche is familiar with starting with a product, and figuring out how to strip it down to its most basic parts.
So in February, when he began researching ethereum smart contracts in depth, he almost accidentally built the decompiler as part of his own personal research.
"The security community in ethereum is going to grow," he said "And we're going to see more and more reverse engineers."
The business of decompiling
Still, there's more to the business motivations driving decompiler use than just ensuring your funds remain secure.
Because vulnerabilities are frequently discovered long after a smart contract is implemented, an EVM decompiler can also bring peace of mind to investors, according to Alex Rass, CEO of customer software provider and cybersecurity consultant firm ITBS LLC.
According to Rass, decompilers are common among most "major" programming languages, in part because they help provide investors assurance that what they invested in is what is being used.
Balls of Yarn image via Shutterstock
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.